Beginner

I need help with a poor config

Hi all! Thank you for reviewing my question. I hope you can help me out. I needed to create a few VLANs off of a Cat 4506. I inherited this LAN and it is configured poorly. I cannot overhaul it at this time so I am stuck working in this scenario. You have the Internet coming into an ASA 5510. That ASA connects to the Cat 4506. Now the ASA is actually the default gateway on the local LAN. The Cat 4506 doesn't really do any routing.

I have two VLANs on the cat:

Default: is the main VLAN for the organization 192.168.0.0/23

VLAN2: This will be for a wireless network 10.220.1.0/24

Now the default VLAN uses the ASA as its default gateway 192.168.1.1

VLAN2 has IP 10.220.1.1 assigned to it.

I have the appropriate routes in the ASA. I can ping from the default VLAN to VLAN2 on the cat itself. I can ping VLAN2 from the ASA no problem. However when I try and ping VLAN2 from a workstation on the default VLAN it fails.

Does anyone have any idea as to why I wouldn't be able to ping VLAN 2 from the workstation on the Default VLAN?

[Attachment: Routing issue.jpg]

Accepted Solutions
Hall of Fame Mentor

I had a chance to review your diagram and it seems you have SVIs in the 4500.

As John correctly pointed out, you should enable 'ip routing' in the 4500 and simply change the default gateway on default Vlan to .5

Additionally, have a default static route from the 4500 pointing to the ASA.

From the ASA, just have a route to Vlan 2 pointing to the .5 address.
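
The steps in the accepted answer, written out as configuration. This is an added example, not from the original thread: the ASA interface name `inside` and the use of `Vlan1` for the default VLAN are assumptions, and `x.x.x.5` stands for the switch's default-VLAN address, which the thread gives only as ".5".

```cisco
! --- Catalyst 4506 (IOS), global configuration mode ---
! Let the switch route between its SVIs.
ip routing
!
! SVIs the thread says already exist, shown for context.
! Vlan1 is assumed to be the "Default" VLAN (192.168.0.0/23).
interface Vlan1
 ip address x.x.x.5 255.255.254.0
!
interface Vlan2
 ip address 10.220.1.1 255.255.255.0
!
! Anything that is not a connected VLAN goes to the ASA (192.168.1.1).
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
! --- ASA 5510, global configuration mode ---
! Return path to the wireless subnet via the switch.
! "inside" is an assumed interface name.
route inside 10.220.1.0 255.255.255.0 x.x.x.5
!
! --- Workstations on the default VLAN ---
! Change the default gateway from 192.168.1.1 to x.x.x.5
! (in the DHCP scope or in each static configuration).
!
! --- Checks ---
! On the switch:  show ip route
! On the ASA:     show route
```

With the switch routing between the two VLANs, traffic between 192.168.0.0/23 and 10.220.1.0/24 no longer passes through the ASA, so any filtering wanted between the wireless network and the main LAN has to be applied on the switch.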

7 REPLIES 7
Beginner

Did you try to trunk the Cat ports the VLANs are connected to? If you do, is the Cat a multilayer switch? If so, please use the ip routing command so that inter-VLAN communication can work.

Beginner

But I can ping the VLAN on the Cat itself AND I can ping VLAN2 from the ASA as well. I thought you enable trunking between 2 switches, not a switch and firewall.

Hall of Fame Mentor

Packets are in and out the same interface which isn't allowed by default, please refer to:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml

Beginner

I have it enabled. Actually, both inter and intra are enabled. Again, I can ping VLAN 2 from the ASA. It's just when I try from a workstation that uses the ASA as the default gateway. Thanks for the replies.

Advisor

Do you have routing enabled on the switch?

HTH,
John

*** Please rate all useful posts ***

Beginner

SVIs are virtual interfaces for connecting inter-VLAN routing. Then you can use the IP address of the SVI as your D.G. at the workstation nodes.

e.g.

interface vlan 2 (this command would create the SVI interface)

ip add 192.168.1.1 255.255.255.0

ip routing

So all the workstations would use this address as their D.G. and the remaining addresses as their static IPs.
